how to disable a spcific cgi page in apache?

Question

I have an Apache server that hosts multiple sites, one of them use CGI, one of them does not. While security scanning this non-CGI site was flagged in the tool for security review for a CGI page.

I am trying to block that page in Apache using the following methods, but it does not seem to work either way:

Testing in Apache site vhost:

<Location />
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/cgi-bin/serve-boxcgi$ [NC]
RewriteRule ^.*$ - [F,L]
</Location>

Testing in .htaccess for this site:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/cgi-bin/serve-boxcgi$ [NC]
RewriteRule ^.*$ - [F,L]
</IfModule>

The site is PHP based. It does use PHP-fpm/fast-CGI configurations.
Please advise what I may be doing wrong here.

score 1 · Answer 1 · answered Dec 13 '17 at 22:56

1

If you have a certain site under a different virtual host in your sites-enabled you can try adding this to the site where you don't want php:

php_flag engine off

answered Dec 13 '17 at 22:56

Desultory

87
3
12

how to disable a spcific cgi page in apache?

1 Answers1